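/*-
 * Copyright (c) 2015
 * 	Alexander V. Chernikov <melifaro@FreeBSD.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_inet.h"
#include "opt_inet6.h"
#include "opt_route.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
#include <sys/rmlock.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/kernel.h>

#include <net/if.h>
#include <net/if_var.h>
#include <net/if_dl.h>
#include <net/route.h>
#include <net/route/route_ctl.h>
#include <net/route/route_var.h>
#include <net/route/nhop.h>
#include <net/toeplitz.h>
#include <net/vnet.h>

#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/ip_mroute.h>
#include <netinet/ip6.h>
#include <netinet6/in6_fib.h>
#include <netinet6/in6_var.h>
#include <netinet6/nd6.h>
#include <netinet6/scope6_var.h>

#include <net/if_types.h>

#ifdef INET6

CHK_STRUCT_ROUTE_COMPAT(struct route_in6, ro_dst);

#ifdef ROUTE_MPATH
/*
 * Flat flow key fed to the Toeplitz hash by fib6_calc_software_hash().
 *
 * The explicit spare[] bytes plus the size assertion below mean the
 * structure carries no compiler-inserted padding: every one of the 40 bytes
 * that gets hashed is a named field the caller initializes.  Keep both in
 * sync when changing the layout, otherwise uninitialized stack bytes would
 * enter the hash input.
 */
struct _hash_5tuple_ipv6 {
	struct in6_addr src;
	struct in6_addr dst;
	unsigned short src_port;
	unsigned short dst_port;
	char proto;
	char spare[3];
};
_Static_assert(sizeof(struct _hash_5tuple_ipv6) == 40,
    "_hash_5tuple_ipv6 size is wrong");

/*
 * Calculates a software flow hash over the IPv6 5-tuple.
 *
 * The tuple is packed into a _hash_5tuple_ipv6 and hashed with
 * toeplitz_hash() keyed by mpath_entropy_key (defined outside this file).
 * @src_port and @dst_port are hashed exactly as passed in; any byte-order
 * convention is the caller's.
 *
 * Stores M_HASHTYPE_OPAQUE_HASH in @phashtype and returns the hash value.
 * @src, @dst and @phashtype are dereferenced unconditionally.
 */
uint32_t
fib6_calc_software_hash(const struct in6_addr *src, const struct in6_addr *dst,
    unsigned short src_port, unsigned short dst_port, char proto,
    uint32_t *phashtype)
{
	struct _hash_5tuple_ipv6 data;

	data.src = *src;
	data.dst = *dst;
	data.src_port = src_port;
	data.dst_port = dst_port;
	data.proto = proto;
	/* Zero the filler so the whole hashed region is deterministic. */
	data.spare[0] = data.spare[1] = data.spare[2] = 0;

	*phashtype = M_HASHTYPE_OPAQUE_HASH;

	return (toeplitz_hash(MPATH_ENTROPY_KEY_LEN, mpath_entropy_key,
	    sizeof(data), (uint8_t *)&data));
}
#endif

/*
 * Fills @sin6 with the radix lookup key for @dst6.
 *
 * The key is zeroed first; only sin6_len and sin6_addr are then set
 * (sin6_family stays zero).  For addresses matching
 * IN6_IS_SCOPE_LINKLOCAL() the scope is embedded into the second 16-bit
 * word of the address.  @scopeid is not validated here and only its low
 * 16 bits are used, so callers must pass an id they have already checked.
 */
static void
fib6_prepare_key(struct sockaddr_in6 *sin6, const struct in6_addr *dst6,
    uint32_t scopeid)
{

	/* TODO: radix changes */
	memset(sin6, 0, sizeof(*sin6));
	sin6->sin6_len = sizeof(struct sockaddr_in6);
	sin6->sin6_addr = *dst6;

	/* Assume scopeid is valid and embed it directly */
	if (IN6_IS_SCOPE_LINKLOCAL(dst6))
		sin6->sin6_addr.s6_addr16[1] = htons(scopeid & 0xffff);
}

/*
 * Looks up path in fib @fibnum specified by @dst6.
 * Assumes scope is deembedded and provided in @scopeid.
 * @flowid is passed to nhop_select() to pick the nexthop for the matched
 * route.
 *
 * Returns path nexthop on success. Nexthop is safe to use
 * within the current network epoch. If longer lifetime is required,
 * one needs to pass NHR_REF as a flag. This will return referenced
 * nexthop.
 *
 * Returns NULL if the fib has no AF_INET6 table, if no non-root radix
 * entry matches, or if the selected nexthop's interface fails
 * RT_LINK_IS_UP(); the last two cases also bump rts_unreach.
 *
 * NOTE(review): the @fibnum bound is enforced only by KASSERT, which is
 * compiled in on INVARIANTS kernels; callers remain responsible for
 * passing fibnum < rt_numfibs.
 */
struct nhop_object *
fib6_lookup(uint32_t fibnum, const struct in6_addr *dst6,
    uint32_t scopeid, uint32_t flags, uint32_t flowid)
{
	RIB_RLOCK_TRACKER;
	struct rib_head *rh;
	struct radix_node *rn;
	struct nhop_object *nh;
	struct sockaddr_in6 sin6;

	KASSERT((fibnum < rt_numfibs), ("fib6_lookup: bad fibnum"));
	rh = rt_tables_get_rnh(fibnum, AF_INET6);
	if (rh == NULL)
		return (NULL);

	fib6_prepare_key(&sin6, dst6, scopeid);

	RIB_RLOCK(rh);
	rn = rh->rnh_matchaddr((void *)&sin6, &rh->head);
	if (rn != NULL && ((rn->rn_flags & RNF_ROOT) == 0)) {
		nh = nhop_select((RNTORT(rn))->rt_nhop, flowid);
		/* Ensure route & ifp is UP */
		if (RT_LINK_IS_UP(nh->nh_ifp)) {
			/* Take the reference while the RIB lock is held. */
			if (flags & NHR_REF)
				nhop_ref_object(nh);
			RIB_RUNLOCK(rh);
			return (nh);
		}
	}
	RIB_RUNLOCK(rh);

	RTSTAT_INC(rts_unreach);
	return (NULL);
}

/*
 * Checks a single nexthop against the reverse-path conditions.
 *
 * With @src_if set, the nexthop passes only if its nh_aifp is @src_if.
 * With @src_if NULL, any nexthop passes unless @flags has NHR_NODEFAULT
 * and the nexthop is marked NHF_DEFAULT.
 *
 * NOTE(review): NHR_NODEFAULT is consulted only when @src_if is NULL.  A
 * default-route nexthop whose nh_aifp equals @src_if therefore passes even
 * with NHR_NODEFAULT set; confirm this is what callers doing
 * interface-bound source validation expect.
 *
 * Returns 1 if the nexthop passes, 0 otherwise.
 */
static inline int
check_urpf_nhop(const struct nhop_object *nh, uint32_t flags,
    const struct ifnet *src_if)
{

	if (src_if != NULL)
		return (nh->nh_aifp == src_if);

	if ((flags & NHR_NODEFAULT) == 0)
		return (1);

	return ((nh->nh_flags & NHF_DEFAULT) == 0);
}

/*
 * Checks a route's nexthop, or every member of a nexthop group when
 * ROUTE_MPATH is compiled in, with check_urpf_nhop().
 *
 * Returns 1 as soon as one nexthop passes, 0 if none does.
 */
static int
check_urpf(struct nhop_object *nh, uint32_t flags,
    const struct ifnet *src_if)
{
#ifdef ROUTE_MPATH
	if (NH_IS_NHGRP(nh)) {
		struct weightened_nhop *wn;
		uint32_t num_nhops;

		wn = nhgrp_get_nhops((struct nhgrp_object *)nh, &num_nhops);
		/* Index type matches num_nhops to avoid a signed compare. */
		for (uint32_t i = 0; i < num_nhops; i++) {
			if (check_urpf_nhop(wn[i].nh, flags, src_if) != 0)
				return (1);
		}
		return (0);
	}
#endif
	return (check_urpf_nhop(nh, flags, src_if));
}

/*
 * Performs reverse path forwarding lookup.
 * If @src_if is non-NULL, verifies that at least 1 path goes via
 * this interface.
 * If @src_if is NULL, verifies that route exist.
 * If @flags contains NHR_NODEFAULT, do not consider default route
 * (applied only when @src_if is NULL, see check_urpf_nhop()).
 *
 * Returns 1 if route matching conditions is found, 0 otherwise.
 * A missing AF_INET6 table for @fibnum or a lookup that matches no
 * non-root radix entry yields 0.
 */
int
fib6_check_urpf(uint32_t fibnum, const struct in6_addr *dst6,
    uint32_t scopeid, uint32_t flags, const struct ifnet *src_if)
{
	RIB_RLOCK_TRACKER;
	struct rib_head *rh;
	struct radix_node *rn;
	struct sockaddr_in6 sin6;
	int ret;

	KASSERT((fibnum < rt_numfibs), ("fib6_check_urpf: bad fibnum"));
	rh = rt_tables_get_rnh(fibnum, AF_INET6);
	if (rh == NULL)
		return (0);

	fib6_prepare_key(&sin6, dst6, scopeid);

	RIB_RLOCK(rh);
	rn = rh->rnh_matchaddr((void *)&sin6, &rh->head);
	if (rn != NULL && ((rn->rn_flags & RNF_ROOT) == 0)) {
		ret = check_urpf(RNTORT(rn)->rt_nhop, flags, src_if);
		RIB_RUNLOCK(rh);
		return (ret);
	}
	RIB_RUNLOCK(rh);

	return (0);
}

/*
 * Variant of fib6_lookup() that does not take the RIB read lock.
 *
 * Performs the same key construction and radix match, always selects the
 * nexthop with flowid 0, and does not update rts_unreach on failure.
 * Because no lock is taken here, the caller must guarantee that the
 * routing table cannot change underneath the lookup (presumably the
 * debugnet context this is named for; confirm against callers).
 *
 * Returns the nexthop (referenced if @flags has NHR_REF) or NULL.
 */
struct nhop_object *
fib6_lookup_debugnet(uint32_t fibnum, const struct in6_addr *dst6,
    uint32_t scopeid, uint32_t flags)
{
	struct rib_head *rh;
	struct radix_node *rn;
	struct nhop_object *nh;
	struct sockaddr_in6 sin6;

	/* Message names this function, not fib6_lookup(), to aid triage. */
	KASSERT((fibnum < rt_numfibs), ("fib6_lookup_debugnet: bad fibnum"));
	rh = rt_tables_get_rnh(fibnum, AF_INET6);
	if (rh == NULL)
		return (NULL);

	fib6_prepare_key(&sin6, dst6, scopeid);

	rn = rh->rnh_matchaddr((void *)&sin6, &rh->head);
	if (rn != NULL && ((rn->rn_flags & RNF_ROOT) == 0)) {
		nh = nhop_select((RNTORT(rn))->rt_nhop, 0);
		/* Ensure route & ifp is UP */
		if (RT_LINK_IS_UP(nh->nh_ifp)) {
			if (flags & NHR_REF)
				nhop_ref_object(nh);
			return (nh);
		}
	}

	return (NULL);
}

#endif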